Support Questions

Find answers, ask questions, and share your expertise

Difference between "Ranger ranger_audits" and "LogSearch audit_logs" Solr collections

What is the difference between these Solr collections?

  • Ranger: 'ranger_audits'
  • LogSearch: 'audit_logs'

Expert Contributor
@Sean Roberts

ranger_audits:- This is by Ranger plugins (hive,kafka etc) to stored the authorization audits [user,ip, resource, access/deny etc, timestamp etc] specific to authorization

Logsearch: audit_logs :- This is the collection where the logs of the service where the log_search is integrated. This is later used by logsearch UI to do analysis.

Logsearch stores logs in the collection "hadoop_logs". What does it store in "audit_logs" and is there an overlap with Ranger?

I don't see any documentation for logsearch explaining what is in each collection.

And what "solr_audit_logs_use_ranger" means in the logsearch config.